Most of us are guilty of using the same email address to sign up for multiple accounts, including banking, social media, and newsletter sign-ups. Even worse, we often use the same password for all of these accounts. At the time, this may appear to be the simplest solution, but in the end you could be creating a cybersecurity nightmare for yourself.

What Could Possibly Go Wrong?

By using a single email account and/or password everywhere, you give an attacker who compromises one account a path into all of them. For example, if someone gains access to your email account, they can view every email associated with your other accounts or subscriptions and simply log into those accounts with the same password used for your email. This is so common that there are bots online constantly trying to log into high-traffic sites with databases of ill-gotten e-mail and password combinations. This practice is commonly known as credential stuffing. According to The Register, credential stuffing has become more frequent and brazen than ever. Once inside, attackers can gather information and send scam and phishing messages. It is good practice to keep separate passwords for separate accounts.

Lately, there has been a rash of scam e-mails asking for ransom. Armed with a known password and associated account, an attacker can attempt to make a recipient believe they have been hacked. Most scams include a request to de-activate an account or release fictitious information obtained in the supposed hack.

Keep Business and Personal Separate

Signing up for memberships such as social media accounts with a personal e-mail account, as opposed to a business e-mail account, can also help mitigate security threats. When you use a work email account for personal online accounts, not only are you opening up the organization’s data to a possible hack, but you are also commingling your personal and work information. In addition, most organizations have certain ownership rights to information within business email accounts. So, you may want to think twice before you use your work email to sign up for Facebook.
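To check your own accounts against both recommendations above (separate passwords, and work email kept off personal sites), here is an added example that is not part of the original article. It audits a password manager CSV export; the column names, domains, and site names are assumptions and the sample data is constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. The column layout is an assumption; adjust it
# to match the CSV your own password manager produces.
SAMPLE_EXPORT = """name,url,username,password
Bank,https://bank.example,alex@personal.example,Tr0ub4dor&3
Social,https://social.example,alex@corp.example,Tr0ub4dor&3
Newsletter,https://news.example,alex@personal.example,Tr0ub4dor&3
Payroll,https://payroll.corp.example,alex@corp.example,x9!Lq-unique-work
Forum,https://forum.example,alex@personal.example,another-unique-1
"""


def audit(export_text, work_domain, work_sites):
    """Return (reused, mixed).

    reused: groups of entry names that share one password.
    mixed:  entries outside work_sites registered with a work address.
    """
    by_password = defaultdict(list)
    mixed = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group on a digest so the report never handles the password text.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        by_password[digest].append(row["name"])
        uses_work_address = row["username"].lower().endswith("@" + work_domain)
        if uses_work_address and row["name"] not in work_sites:
            mixed.append(row["name"])
    reused = [names for names in by_password.values() if len(names) > 1]
    return reused, mixed


if __name__ == "__main__":
    reused, mixed = audit(SAMPLE_EXPORT, "corp.example", {"Payroll"})
    for group in reused:
        print("Same password on:", ", ".join(group))
    for name in mixed:
        print("Work address used for a personal account:", name)
```

Delete the export file once the audit is done, since it holds every password in plain text.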

Has an Account Associated with Your Email Address Been Compromised? 

The website haveibeenpwned.com can take an e-mail address and check it against a list of “5,555,672,077” known public credentials. If an account has been compromised, you may want to consider changing your email addresses and passwords for those accounts.

It is better to be safe than sorry, so taking an extra moment to keep passwords, as well as work and personal accounts, separate goes a long way.

For more information on keeping your organization’s data safe, contact us today.